HITRUST Now Offers NIST Cybersecurity Framework Certification


HITRUST, the security and privacy standards development and certification organization, has begun offering certification for the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework). The certification program makes it simpler for healthcare companies to report progress to management, business associates, and regulators, and to confirm that they have met the requirements of the NIST Cybersecurity Framework.

The NIST Cybersecurity Framework is a set of guidelines and best practices that help companies improve security, manage cybersecurity risk, and protect critical infrastructure. Several healthcare companies have implemented the NIST Cybersecurity Framework but are uncertain how they are performing in its categories.

Through the HITRUST CSF Assurance Program, healthcare companies can evaluate whether they have met the requirements in each of the NIST categories.

The HITRUST CSF now contains a record that lets companies check how their security program maps to the core subcategories of the NIST Cybersecurity Framework and provides compliance ratings for each core subcategory. HITRUST also provides certification to verify that companies are meeting all requirements of the NIST Cybersecurity Framework. If a company achieves a specific score, certification will be issued against the NIST Cybersecurity Framework.

The Government Accountability Office (GAO) has verified that the HITRUST CSF aligns with the NIST Cybersecurity Framework and lets companies demonstrate compliance.

NIST has also created guidance for healthcare companies to help them implement the different controls specified in the NIST Framework. The implementation guidance can be used even if companies choose not to go through the evaluation process.

“The HITRUST CSF’s amalgamation and harmonization of several industry-relevant legal, regulatory and best practice requirements into a sole, prescriptive, however highly tailorable framework makes it very easy for companies to decide a proper Target Profile and then apply and report their progress towards a cybersecurity program that fulfills the objectives and goals of the NIST Framework”

The HITRUST CSF Assurance Program has been adopted by about 80% of hospitals and insurance companies. Through a single evaluation, healthcare companies can assess compliance with the HIPAA Security and Privacy Rules, the NIST Cybersecurity Framework, ISO 27001, GDPR, PCI, and other prominent frameworks and standards.